June 2013

The Hackers Want a Piece of the PII

With summer on the way, now is not the time to drop your guard. The criminal element on the Internet is as active as it has ever been and they are out to get the Personally Identifiable Information (PII) from you to use your information to spam your friends and contacts. PII refers to information that can be used to distinguish or trace an individual’s identity, such as name, Social Security Number, biometric records, etc. alone or when combined with other personal identifying information which is linked or linkable to a specific individual, such as date of birth, mother’s maiden name, etc. When a phishing expedition results in a “breach” of PII, loss of such information may lead to identity theft or other fraudulent use of the information, resulting in substantial harm, embarrassment, and inconvenience to individuals, possibly financially as well. A “breach” is defined as loss of control, compromise, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for an other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic.

Examples of PII are:

Name (full name or first initial and last name), maiden name

Email address or other online contact information such as instant messaging identifier

The criminal element does not take the summer off and they will attack both your CCRI email account AND personal email accounts you might have on a regular basis. Questions are always asked why the email providers cannot stop these before they reach the email mailbox. In an effort to demonstrate how difficult this is to block, here is an example of a recent phishing attack.

Notice that this (right) would appear to be a normal message from FedEx stating that they tried to deliver a package to me at CCRI and they were unable. Some distinguishing elements of this email make it suspicious.

I was not expecting a package and so this would have gotten my attention.

Typically FedEx would not deliver packages to CCRI on a Saturday knowing that the college was not open and May 25th was a Saturday.

Third, the email address from which the email was delivered has nothing to do with FedEx. The address us.33@Legionpost432.com is obviously someone who answered a phishing attack and now their account is being used to foster a new stream of phishing attacks.

Finally, if you receive an unexpected email like this, NEVER, NEVER, NEVER click on anything that says “print this label” or “click on this link”. It might look entirely innocent and it might not actually load or do something obvious to your account, but in the background it could be loading a “time bomb” or problems that at some point will wake up and wreak havoc on your PII in your computer or on one or more of your accounts.

So this email, innocent and authentic-enough looking was, in fact, a phishing expedition trying to target my account here at CCRI. We caught it as soon as it hit my account and we blocked additional incoming attempts from this site and email address. No automated process would have seen anything threatening or potentially hurtful in this email. In this case, it is up to the human element to detect that something is not quite right.

At CCRI, the statistics are staggering as to the amount of email blocked or labeled each and every day as “suspected spam” or containing “spam-like content” (about 98% of all emails are blocked or labeled as suspicious). Incoming attachments are scanned for viruses and known bad email addresses are blocked in an attempt to protect everyone’s email mailbox. However, every phishing expedition that comes through undetected results in a number of PII “breaches” and email account information is shared with those who look to create mayhem for CCRI and eventually get the college “blacklisted”.

Although it has been said many times and in many communiques to the CCRI community, let’s repeat the statement that IT and CCRI always make:

IT WILL NEVER ASK YOU FOR YOUR ACCOUNT INFORMATION, THAT BEING YOUR USERNAME AND PASSWORD. IT WILL NEVER ASK YOU TO CONFIRM YOUR ACCOUNT BY HAVING YOU CLICK ON A LINK. CONTACT FROM THE IT DEPARTMENT WILL ALWAYS BE IN PERSON BY PHONE OR FACE-TO-FACE WHEN AN ACCOUNT HAS BEEN COMPROMISED AND WE NEED YOUR ASSISTANCE.

Today we immediately see when someone has fallen victim to a phishing expedition. The compromised account starts sending enormous amounts of email messages not commonly seen. Thousands of email messages will be sent across the wires from a CCRI account, resulting in network providers identifying it as a spam attack and, as a result, blocking email from CCRI until it has been determined that the activity has been stopped. Warnings from our systems indicate when that spamming activity starts and the IT Operations crew immediately disables the email account so no further messages can be sent. The Help Desk then contacts the email account owner to let them know what is happening and that their account has been compromised and thus disabled. Efforts are then made to get the account issues resolved and the account to be re-enabled.

This used to happen as soon as the email account was compromised but the phishing “attackers” are getting smarter. Now they schedule the email spamming to occur in the middle of the night when everyone is asleep. So it becomes even more difficult for the IT Operations staff to jump on the resulting email spam that gets sent from CCRI. They respond as soon as they see it but sometimes that occurs hours after the attack has started.
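The volume-based warning described above can be sketched as a sliding-window check over outbound mail logs; this is an added example, not CCRI's own tooling. The log format, the 10-minute window, the 200-recipient threshold, the quiet-hours range and the example.edu addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed sliding window
THRESHOLD = 200                 # assumed recipient limit per sender per window
QUIET_HOURS = range(0, 6)       # assumed overnight hours with no staff watching

def parse(line):
    """Parse the constructed format '<ISO time> sender=<addr> rcpts=<n>'."""
    ts, sender, rcpts = line.split()
    return (datetime.fromisoformat(ts),
            sender.split("=", 1)[1],
            int(rcpts.split("=", 1)[1]))

def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {sender: (first alert time, fired during quiet hours?)}."""
    recent = defaultdict(deque)  # sender -> (time, recipients) inside the window
    totals = defaultdict(int)    # sender -> recipients inside the window
    alerts = {}
    for ts, sender, n in sorted(parse(l) for l in lines):
        queue = recent[sender]
        queue.append((ts, n))
        totals[sender] += n
        # Drop events that have aged out of the window.
        while ts - queue[0][0] > window:
            totals[sender] -= queue.popleft()[1]
        if totals[sender] > threshold and sender not in alerts:
            alerts[sender] = (ts, ts.hour in QUIET_HOURS)
    return alerts

def sample_log():
    """Constructed data: a normal daytime user and a 02:00 bulk sender."""
    day = datetime(2013, 6, 1, 9, 0)
    night = datetime(2013, 6, 1, 2, 0)
    normal = [f"{(day + timedelta(minutes=30 * i)).isoformat()} "
              "sender=staff1@example.edu rcpts=3" for i in range(6)]
    bulk = [f"{(night + timedelta(seconds=20 * i)).isoformat()} "
            "sender=staff2@example.edu rcpts=25" for i in range(60)]
    return normal + bulk

if __name__ == "__main__":
    for sender, (when, overnight) in detect_bursts(sample_log()).items():
        action = "page on-call to disable account" if overnight else "alert Help Desk"
        print(f"{when.isoformat()} {sender}: outbound burst, {action}")
```

On the constructed data the bulk sender trips the threshold less than three minutes after it starts, and the quiet-hours flag lets the alert be routed to on-call staff instead of waiting for someone to notice in the morning.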

The best remedy for avoiding all of this mess is to be aware, think before you click and never give out PII to any email request. If you are unsure as to whether something is legitimate, then it probably is not. Always wait for additional messages before responding in any way and never open attachments or click links from unknown or unexpected parties. Protecting yourself from these phishing expeditions is a responsibility of every account holder, whether email, on-line banking, e-purchasing or social networking. The attacks will continue as long as people unknowingly allow entry into their PII and whether CCRI or private email account; the criminal element is attempting every method conceivable to get their piece of the PII.

Help Desk No More – Help Desk on the Way

The IT Help Desk over the years has had limitations in a number of ways that challenge its effectiveness and its ability to deliver quality support. Since September 2010, the incoming calls have totaled just fewer than 45,000 and that has clearly overwhelmed the full-time staff of two, the fluctuating part-time staff, the Academic Computing labs and the severely limited hours of operation in this area. The percentage of abandoned calls has decreased significantly over the years from a high of 49% to a low of 21% but these numbers do not reflect a service level that is acceptable for IT.

Efforts have been made in the past two years to open more phone support utilizing the computing labs which are open until 10 PM on Monday through Thursday with some additional hours on Saturday and Sunday. While that has helped, it still does not address the volume of calls that arrives every day and in particular at the beginning of every semester. As we hover just below the 30% abandoned calls number, we need to find new ways of resolving the growing anxiety of technology users on campus that delivers better service in a timely manner.

Common call-in issues that we need to address are:

Callers don’t know their Knight Account Username.

Callers don’t know their MyCCRI password.

Callers don’t know CCRI ID Number.

Callers don’t have an active account.

Callers have had their accounts disabled, suspended or expired.

Callers don’t know how to change their password.

Callers have had a legal name change and would like to have their username changed.

Callers don’t know what is meant by enrolling in SMOP.

Callers don’t know how to enroll in SMOP.

In each of these cases, the recurring calls could be addressed by a video snippet, how-to message requiring no human intervention and something that someone could review repeatedly to resolve their problem. Moving the Help Desk to a Help Desk helps identify the fact that there are services that IT provides that could be delivered in a more efficient and effective manner.

Additionally, IT is looking to expand the number of hours where telephone coverage could be offered and through a variety of methods. This coming fall, phone, email, text and chat support will be implemented which will allow multiple levels of support to be extended across all four campuses to students, faculty and staff. Though we will not have 24x7 support, the hours will mirror the library hours of operation plus. More services will be accessible from the computing labs where IT seeks to have more outreach and proactive engagements with our constituents.

Several tiers of support will be enveloped around a new Help Desk management tool that allows self-serve, on-demand tools for entering tickets, monitoring ticket progress and reducing the time between reporting and resolution. A new feature will be the ability of IT staff to, in some cases, access the caller’s desktop remotely for the purpose of expediting the resolution of the call. The caller can view the activity on the local monitor as it occurs. The Support Specialist will request and receive the caller’s consent before accessing the computer remotely. If consent is not given, the call will be assigned the appropriate level of priority.

The efficiency of the IT Help Desk will be measured over time to continually improve the assistance offered, the level of service attained, the comparison between service level agreements and actual resolution and the number of tickets resolved on time or below. The attention given to the new IT Service Desk will hopefully address issues indicated by “pain points” of those using technology at CCRI. Stay tuned for more information about the new IT Help Desk and its evolution.

Windows 8 is Coming!

Every year IT builds images for all computing labs and classrooms on all four campuses of the college. In the past this has been a long, arduous process which takes many weeks of testing, adjusting, customizing and tweaking to get a working set of computer software to behave nicely together and meet the needs of our students and teaching faculty. Five years ago, images were different from campus to campus and room to room and scheduling of classrooms was predicated on what software was installed in what location.

This is no longer the case. Though the image is fairly large, legal copies of software are brought together and offered in classrooms and labs that appear regardless of the location. Each image is exactly the same from campus to campus. No classroom determines what software is available. The only difference might be the operating system employed in each classroom: Apple or PC.

Through the request of faculty on the four campuses, Microsoft Windows 8 is being rolled out to the PC-utilizing classrooms and lab machines in order to offer the latest operating system to our students and their faculty. This decision was not made by IT but through the requests of the faculty members using these resources. Extensive testing of the image for a working combination of software and operating system has been going on for many weeks and will be accessible in the fall.